research-article

A blockchain based approach for the authorization policies delegation in emergency situations

Published: 27 May 2022

    Abstract

    There are many facets to implementing security within an organization, and one such measure is the authorization or access control process. The recent rise of decentralized file systems such as the InterPlanetary File System (IPFS) allows for decentralized storage of resources using content addressing. Naturally, the authorization process for handling these resources needs to be decentralized as well, and decentralized ledger technologies, such as the blockchain with the support of smart contracts, can be used to manage the authorization process. In this article, we propose an approach that decouples authorization logic from the core capabilities of a smart contract and makes advanced authorization capabilities, such as contextual delegation, readily available. The proposed approach is expressive and can handle many aspects related to authorization, such as role‐based access control, conflicts, and redundancy reduction. We have used an efficient and modular approach for designing smart contracts, which makes them easier to manage and redeploy if needed. The data structures used in the smart contracts are carefully chosen to minimize the gas cost, as is evident from the performance evaluation results.

    Graphical Abstract

    In this work, we address the problem of authorization policies delegation in emergency situations. In an emergency situation, the authorization process may need to allow users to override the regular permissions (under some constraints) and the benefits of a blockchain based transparent and auditable authorization approach are thus evident.

    Published In

    Transactions on Emerging Telecommunications Technologies, Volume 33, Issue 5
    May 2022
    629 pages
    ISSN: 2161-3915
    EISSN: 2161-3915
    DOI: 10.1002/ett.v33.5

    Publisher

    John Wiley & Sons, Inc., United States